In the most basic terms, EMV Level 3 Type Approval is brand specific and required for each unique solution set. To break down that sentence a bit, by ‘brand specific’ I mean that there is a specific certification script which has to be successfully completed for each EMV card brand in order to receive Level 3 approval from that brand.
All of these approvals can be found on the EMVCo website.
EMV Level 3 certification - This certification level is much lesser known and is related to the actual software application running on a device and the connection to the acquirer. There is a specific certification script which has to be successfully completed for each EMV card brand in order to receive Level 3 approval from that brand. This test is the responsibility of acquirers.
How Do These Tests Work?
EMV testing is divided into three levels.
Levels 1 and 2 are handled by EMVCo and deal with certifying payment equipment at the hardware and software levels. Each certification is meant to ensure not only the security of the device, but also interoperability standards between brands, customer verification methods (CVMs) and other aspects of EMV deployment. This also applies to apps that are designed to facilitate EMV adoption.
As a small business owner, unless you code your own kernel-level applications for your terminals, you shouldn’t have to worry about Levels 1 or 2.
In contrast to hardware and software, Level 3 is an end-to-end certification conducted between the merchant and the brand, with checks made with your processor, acquirer and any ISV(s) you are working with. It checks the integrity of the payment chain by testing every type of possible transaction that the terminal can do.
Depending on the types of transactions and CVMs you want to process, you could be looking at upwards of a few hundred tests, especially if you accept all four brands.